Julien Cristau [Tue, 4 Jul 2017 18:59:29 +0000 (20:59 +0200)]
exim: postgrey in stretch handles host to network address translation
Rather than using ${mask:...} in the exim config, we can let postgrey do
this on its own. Otherwise, it gets confused with ipv6 addresses using
dots instead of colons as separators, and crashes
(https://bugs.debian.org/867201).
Peter Palfrader [Tue, 4 Jul 2017 13:36:13 +0000 (15:36 +0200)]
One bconsole run per truncate run
Peter Palfrader [Tue, 4 Jul 2017 09:39:19 +0000 (11:39 +0200)]
string stuff for py3
Peter Palfrader [Tue, 4 Jul 2017 09:28:15 +0000 (11:28 +0200)]
volumes-delete-old update
Peter Palfrader [Tue, 4 Jul 2017 09:21:29 +0000 (11:21 +0200)]
delete old volumes daily
Peter Palfrader [Tue, 4 Jul 2017 09:21:18 +0000 (11:21 +0200)]
move crontab to file
Peter Palfrader [Tue, 4 Jul 2017 09:20:14 +0000 (11:20 +0200)]
rename get-deleteable-volumes -> volumes-delete-old
Peter Palfrader [Tue, 4 Jul 2017 09:14:07 +0000 (11:14 +0200)]
Add script to find deletable volumes
Peter Palfrader [Tue, 4 Jul 2017 09:10:35 +0000 (11:10 +0200)]
Make volume-purge-action learn about mediatypes from the DB
Tollef Fog Heen [Mon, 3 Jul 2017 09:58:37 +0000 (11:58 +0200)]
Allow thijs tcpdump on klecker
Peter Palfrader [Sun, 2 Jul 2017 18:48:28 +0000 (20:48 +0200)]
fix a link
Peter Palfrader [Sun, 2 Jul 2017 18:45:35 +0000 (20:45 +0200)]
Update apache2 cipher preferences from https://mozilla.github.io/server-side-tls/ssl-config-generator/
Aurelien Jarno [Sat, 1 Jul 2017 19:57:58 +0000 (21:57 +0200)]
Revert "redirect linux updates to security-cdn"
This reverts commit
b6f21532b07dfcb35d059d46913c306ea19c50e8.
Tollef Fog Heen [Sat, 1 Jul 2017 13:18:48 +0000 (15:18 +0200)]
Send stderr from dpkg-query to /dev/null to avoid cron spam
Tollef Fog Heen [Sat, 1 Jul 2017 07:42:04 +0000 (09:42 +0200)]
Fix up tor fact to not complain if the package has been purged
`dpkg -l $package` will return 0 if the package has been purged, so do a
proper test for it instead. Also add a pair of quotes to make `dpkg
--compare-versions` not complain.
Julien Cristau [Wed, 28 Jun 2017 16:55:56 +0000 (09:55 -0700)]
Don't push incoming to klecker
klecker is already out of static rotation in auto-dns, and we're having
connectivity issues from fasolo, so this should be safe until we get
that resolved.
Julien Cristau [Wed, 28 Jun 2017 16:58:05 +0000 (09:58 -0700)]
Revert "Don't push incoming to klecker"
This reverts commit
3c6303312627c8662f12ca1431e81c12186847f9.
Turns out incoming and incoming.ports aren't the same thing.
Julien Cristau [Wed, 28 Jun 2017 16:55:56 +0000 (09:55 -0700)]
Don't push incoming to klecker
klecker is already out of static rotation in auto-dns, and we're having
connectivity issues from fasolo, so this should be safe until we get
that resolved.
Aurelien Jarno [Wed, 28 Jun 2017 07:34:24 +0000 (09:34 +0200)]
redirect linux updates to security-cdn
security mirrors are overloaded
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 27 Jun 2017 10:06:53 +0000 (12:06 +0200)]
buildds: disable buildd.d.o repository on stretch hosts
Stretch hosts directly use the sbuild and buildd packages from the
debian archive.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Martin Zobel-Helas [Sun, 25 Jun 2017 11:09:56 +0000 (13:09 +0200)]
Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet:
puppet.conf: increase the connect timeout a bit
Martin Zobel-Helas [Sun, 25 Jun 2017 11:09:30 +0000 (13:09 +0200)]
make demime=* conditional
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Aurelien Jarno [Sat, 24 Jun 2017 22:43:05 +0000 (00:43 +0200)]
puppet.conf: increase the connect timeout a bit
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Wed, 21 Jun 2017 08:51:09 +0000 (10:51 +0200)]
Revert "redirect linux updates to security-cdn"
This reverts commit
e0525b0198da806181c009520758274cf1d05995.
Aurelien Jarno [Wed, 21 Jun 2017 06:51:03 +0000 (08:51 +0200)]
buildds: update dupload.conf
- ftp-master.d.o doesn't accept FTP upload anymore, replace it by
ftp.upload.debian.org.
- add an anonymous-ftp-eu alias targeting ftp.eu.upload.debian.org.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 20 Jun 2017 20:32:25 +0000 (22:32 +0200)]
ferm/aql: fix multicast rule
This should be 224.0.0.0/4 instead of 224.0.0.0/24. Thanks to James
Cowgill who noticed the typo.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Tue, 20 Jun 2017 06:40:01 +0000 (08:40 +0200)]
redirect linux updates to security-cdn
security mirrors are overloaded
Paul Wise [Mon, 19 Jun 2017 06:24:50 +0000 (14:24 +0800)]
Add UTF-8 charset for all .txt files on ftp.d.o
The dedication text files are UTF-8 encoded and
various browsers do not do automatic charset detection.
Suggested-by: KiBi on IRC (IIRC)
Aurelien Jarno [Sat, 17 Jun 2017 08:04:27 +0000 (10:04 +0200)]
drop all traces of ia64
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 17 Jun 2017 08:03:47 +0000 (10:03 +0200)]
setup-all-dchroots: add buster
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Paul Wise [Sat, 17 Jun 2017 06:30:04 +0000 (14:30 +0800)]
Switch from /org to /srv in exim configuration
/org has been obsoleted by /srv for many years on debian.org hosts.
Paul Wise [Sat, 10 Jun 2017 03:30:57 +0000 (11:30 +0800)]
Update the setup for archive.debian.net
Factor out the config into an apache2 macro.
Make the 503 error message more generic so it can be used anywhere.
Peter Palfrader [Fri, 9 Jun 2017 11:17:19 +0000 (13:17 +0200)]
new zivit nameservers
Peter Palfrader [Fri, 9 Jun 2017 09:37:53 +0000 (11:37 +0200)]
disable nameservers for zivit
Peter Palfrader [Thu, 8 Jun 2017 10:40:17 +0000 (12:40 +0200)]
slightly reduce volume retention times for full and differentials (from 3 and 2 months to 100 and 50 days)
Paul Wise [Tue, 6 Jun 2017 00:51:59 +0000 (08:51 +0800)]
Allow d-i folks to rebuild the installation-guide as needed
Peter Palfrader [Mon, 5 Jun 2017 17:11:10 +0000 (19:11 +0200)]
set BufferedLogs to on
klecker sees a lot of IO which might be attributable to log traffic.
Maybe setting BufferedLogs to on will help this.
Aurelien Jarno [Sun, 4 Jun 2017 14:29:52 +0000 (16:29 +0200)]
Remove httpredir related code
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sun, 4 Jun 2017 11:41:48 +0000 (13:41 +0200)]
Remove old dillon-lvm mapping
dillon is now using dillon-lvm2 on the other MSA
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sun, 4 Jun 2017 11:32:32 +0000 (13:32 +0200)]
decommission httpredir-bm-01
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Mon, 29 May 2017 18:54:17 +0000 (20:54 +0200)]
decommission httpredir-csail-01
Julien Cristau [Sat, 27 May 2017 12:59:13 +0000 (14:59 +0200)]
Use HTTPS for redirect from security.d.o to d.o/security/
Julien Cristau [Fri, 26 May 2017 20:22:21 +0000 (22:22 +0200)]
buildd: point dupload.conf at ftp.security.upload.d.o
Aurelien Jarno [Sat, 20 May 2017 11:08:18 +0000 (13:08 +0200)]
Add hier.d.o to provide historical.packages.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Sat, 20 May 2017 06:05:04 +0000 (08:05 +0200)]
Set SSLStaplingFakeTryLater to off
Aurelien Jarno [Tue, 16 May 2017 21:48:04 +0000 (23:48 +0200)]
enable ubc autofs for hier.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 11 May 2017 06:49:38 +0000 (08:49 +0200)]
Add dedication for hier.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 10 May 2017 22:16:27 +0000 (00:16 +0200)]
Add volumes for hier on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Fri, 5 May 2017 21:24:24 +0000 (23:24 +0200)]
Remove buildd.debian-ports.org virtual domain
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Tue, 2 May 2017 20:54:50 +0000 (22:54 +0200)]
Merge branch 'query' of https://github.com/stapelberg/dsa-puppet
Signed-off-by: Julien Cristau <jcristau@debian.org>
Michael Stapelberg [Tue, 2 May 2017 20:28:37 +0000 (22:28 +0200)]
Add redirect for more old query string URLs
fixes https://github.com/Debian/debiman/issues/78
Paul Wise [Sat, 25 Feb 2017 03:59:41 +0000 (11:59 +0800)]
Add support for @syslogversion 3.8 from stretch
Martin Zobel-Helas [Wed, 26 Apr 2017 12:57:43 +0000 (14:57 +0200)]
Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet:
samhain: ignore /etc/schroot/setup.d/99builddsourceslist
setup-dchroot: fix SUITE_ARCH detection for jessie kfreebsd chroots
99porterbox-extra-sources: use jessie-kfreebsd as base for jessie-backports kfreebsd chroots
99builddsourceslist: add a hack to handle the kfreebsd jessie-backport case
Always set permissions of apache2 log directory
Fix previous commit
Drop outgoing IPv4 multicast traffic at AQL
Martin Zobel-Helas [Wed, 26 Apr 2017 12:57:32 +0000 (14:57 +0200)]
add my other subnet
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Aurelien Jarno [Tue, 25 Apr 2017 06:40:38 +0000 (08:40 +0200)]
samhain: ignore /etc/schroot/setup.d/99builddsourceslist
Similarly to what is already done for 99porterbox-extra-sources and
99porterbox-extra-apt-options.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
James Clarke [Sun, 23 Apr 2017 13:10:57 +0000 (14:10 +0100)]
setup-dchroot: fix SUITE_ARCH detection for jessie kfreebsd chroots
James Clarke [Sun, 23 Apr 2017 12:55:52 +0000 (13:55 +0100)]
99porterbox-extra-sources: use jessie-kfreebsd as base for jessie-backports kfreebsd chroots
Aurelien Jarno [Mon, 24 Apr 2017 14:14:43 +0000 (16:14 +0200)]
99builddsourceslist: add a hack to handle the kfreebsd jessie-backport case
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Thu, 20 Apr 2017 16:38:21 +0000 (18:38 +0200)]
Merge remote-tracking branch 'waldi/log_apache2'
* waldi/log_apache2:
Always set permissions of apache2 log directory
Bastian Blank [Tue, 18 Apr 2017 19:12:15 +0000 (21:12 +0200)]
Always set permissions of apache2 log directory
Aurelien Jarno [Thu, 20 Apr 2017 16:25:34 +0000 (18:25 +0200)]
Fix previous commit
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 20 Apr 2017 15:59:53 +0000 (17:59 +0200)]
Drop outgoing IPv4 multicast traffic at AQL
Some packages like gst-rtsp-server1.0 generate multicast traffic in
their testsuite. This triggers protections at AQL. Avoid this by
dropping all the outgoing IPv4 multicast traffic.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Bastian Blank [Tue, 11 Apr 2017 19:27:01 +0000 (21:27 +0200)]
Init puppet environment with some stuff
Bastian Blank [Thu, 13 Apr 2017 15:53:34 +0000 (17:53 +0200)]
Init puppet system stuff
Bastian Blank [Tue, 11 Apr 2017 16:50:00 +0000 (18:50 +0200)]
Add octocatalog-diff job
Bastian Blank [Tue, 11 Apr 2017 19:32:17 +0000 (21:32 +0200)]
Ignore missing swede
Bastian Blank [Tue, 11 Apr 2017 18:30:52 +0000 (20:30 +0200)]
Drop explicit function requires
Bastian Blank [Tue, 11 Apr 2017 17:44:06 +0000 (19:44 +0200)]
Read misc files from environment
Bastian Blank [Tue, 11 Apr 2017 17:12:13 +0000 (19:12 +0200)]
Use relative paths in environment.conf
Martin Zobel-Helas [Wed, 19 Apr 2017 07:45:46 +0000 (09:45 +0200)]
Merge remote-tracking branch 'waldi/rsync-cleanup'
* waldi/rsync-cleanup:
Lower client limit for rsync on masters
Disable reverse lookup in rsyncd
Drop max connections from rsyncd configs
Disable the security repository for smetana
Bastian Blank [Wed, 19 Apr 2017 07:40:04 +0000 (09:40 +0200)]
Lower client limit for rsync on masters
We only need one (or two for security-master) concurrent connections per
direct mirrors or syncproxies.
Bastian Blank [Wed, 19 Apr 2017 07:36:26 +0000 (09:36 +0200)]
Disable reverse lookup in rsyncd
Due to restrictions enforced by systemd we don't have any access to DNS.
As a lot of connections are coming via stunnel, we don't see the remote
IP anyway. Just disable all reverse lookups and the warnings.
Bastian Blank [Wed, 19 Apr 2017 07:31:32 +0000 (09:31 +0200)]
Drop max connections from rsyncd configs
We have an independent connection limit in systemd. So drop the ones
from rsyncd configs.
Aurelien Jarno [Tue, 18 Apr 2017 22:13:45 +0000 (00:13 +0200)]
Disable the security repository for smetana
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 18 Apr 2017 17:26:02 +0000 (19:26 +0200)]
Setup sibelius as a NFS server exporting to sallinen
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 18 Apr 2017 08:03:10 +0000 (10:03 +0200)]
Add a debian-ports-buildd-dists rsync share
Peter Palfrader [Sun, 16 Apr 2017 12:41:54 +0000 (14:41 +0200)]
layout changes
Peter Palfrader [Sun, 16 Apr 2017 12:37:03 +0000 (14:37 +0200)]
spelling fixes
Peter Palfrader [Sun, 16 Apr 2017 12:35:13 +0000 (14:35 +0200)]
archive.debian.net vhost on right port
Peter Palfrader [Sun, 16 Apr 2017 12:33:00 +0000 (14:33 +0200)]
archive.debian.net vhost
Peter Palfrader [Sun, 16 Apr 2017 12:23:26 +0000 (14:23 +0200)]
and put archive.d.n ssl cert onto the host
Peter Palfrader [Sun, 16 Apr 2017 12:23:16 +0000 (14:23 +0200)]
Fix path
Peter Palfrader [Sun, 16 Apr 2017 12:21:18 +0000 (14:21 +0200)]
Add a 503.html for archive.debian.net
Aurelien Jarno [Sun, 16 Apr 2017 10:50:54 +0000 (12:50 +0200)]
dsa-puppet-stuff: check for puppet version instead of debian release
As we might install backport versions of puppet.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Martin Zobel-Helas [Thu, 13 Apr 2017 00:11:03 +0000 (02:11 +0200)]
add skroutz
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Thu, 13 Apr 2017 00:06:22 +0000 (02:06 +0200)]
add skroutz
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Thu, 13 Apr 2017 00:05:03 +0000 (02:05 +0200)]
Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet:
Use list of binds in apache config for syncproxies
Martin Zobel-Helas [Thu, 13 Apr 2017 00:04:46 +0000 (02:04 +0200)]
add skroutz
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Bastian Blank [Wed, 12 Apr 2017 07:13:54 +0000 (09:13 +0200)]
Use list of binds in apache config for syncproxies
Julien Cristau [Wed, 12 Apr 2017 06:29:34 +0000 (08:29 +0200)]
Try to fix apache syncproxy config
Bastian Blank [Tue, 11 Apr 2017 12:40:55 +0000 (14:40 +0200)]
Rename vsftpd::site_systemd to vsftpd::site
Bastian Blank [Tue, 11 Apr 2017 12:39:47 +0000 (14:39 +0200)]
Rename rsync::site_systemd to rsync::site
Bastian Blank [Tue, 11 Apr 2017 12:36:28 +0000 (14:36 +0200)]
Drop xinetd support in vsftpd
Bastian Blank [Tue, 11 Apr 2017 12:35:56 +0000 (14:35 +0200)]
Drop xinetd support in rsync
Aurelien Jarno [Tue, 11 Apr 2017 13:30:37 +0000 (15:30 +0200)]
puppet.conf: fix a typo in my previous commit
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 11 Apr 2017 13:27:40 +0000 (15:27 +0200)]
puppet.conf: split configtimeout into http_connect_timeout and http_read_timeout on stretch hosts
configtimeout has been deprecated in puppet version 4.1.0. It has been
split into http_connect_timeout and http_read_timeout. The former
controls how long Puppet should attempt to make a connection and the
latter controls how long Puppet should allow transfers to continue.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 11 Apr 2017 13:20:50 +0000 (15:20 +0200)]
puppet.conf: do not set pluginsync=true on stretch hosts
pluginsync has been deprecated in puppet version 4.4.0. It is however
the default, so it can be safely removed from the configuration file.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Bastian Blank [Tue, 11 Apr 2017 10:55:45 +0000 (12:55 +0200)]
Re-introduce ftpsite variable
Martin Zobel-Helas [Tue, 11 Apr 2017 10:51:29 +0000 (12:51 +0200)]
Merge remote-tracking branch 'waldi/rsyncd-vsftpd-systemd-all'
* waldi/rsyncd-vsftpd-systemd-all:
Another try to fix xinetd vs. systemd
Pull in ftp conntrack in vsftpd site
Use rsyncd via systemd on bugs_mirror
Use rsyncd via systemd on wiki
Use rsyncd via systemd on snapshot
Use vsftpd via systemd on ftp
Use rsyncd via systemd on syncproxy
Use rsyncd and vsftpd via systemd on security_mirror
Fix dependencies between service and xinetd
Aurelien Jarno [Tue, 11 Apr 2017 10:33:30 +0000 (12:33 +0200)]
Only switch FTP conntrack to explicit CT target for stretch hosts
While it also works for jessie, it requires a reboot as module
loading is disabled.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>